openstack/puppet-neutron
Code Issues Proposed changes
fd675a550a
puppet-neutron/manifests/server.pp
Alex Schultz fd675a550a Add memcached_servers for keystone authtoken 
This change allows a user to manage the memcached servers for
keystone_authtoken.

Change-Id: Ic3963631caab327c1f44819be9eb14d0173085a2
2016-06-30 11:12:03 -06:00

606 lines
22 KiB
Puppet
Raw Blame History

# == Class: neutron::server
#
# Setup and configure the neutron API endpoint
#
# === Parameters
#
# [*package_ensure*]
# (optional) The state of the package
# Defaults to present
#
# [*enabled*]
# (optional) The state of the service
# Defaults to true
#
# [*manage_service*]
# (optional) Whether to start/stop the service
# Defaults to true
#
# [*service_name*]
# (optional) The name of the neutron-server service
# Defaults to $::neutron::params::server_service
#
# [*log_file*]
# REMOVED: Use log_file of neutron class instead.
#
# [*log_dir*]
# REMOVED: Use log_dir of neutron class instead.
#
# [*auth_type*]
# (optional) What auth system to use
# Defaults to 'keystone'. Can other be 'noauth'
#
# [*keystone_auth_type*]
# (optional) An authentication plugin to use with an OpenStack Identity server.
# Defaults to 'password'
#
# [*auth_uri*]
# (optional) Complete public Identity API endpoint.
# Defaults to: 'http://localhost:5000/'
#
# [*auth_url*]
# (optional) Authorization URL.
# If version independent identity plugin is used available versions will be
# determined using auth_url
# Defaults to 'http://localhost:35357'
#
# [*username*]
# (optional) The name of the auth user
# Defaults to 'neutron'
#
# [*password*]
# The password to use for authentication (keystone)
# Either password or auth_password is required
#
# [*project_domain_id*]
# (optional) Auth user project's domain ID
# Defaults to 'Default'
#
# [*project_name*]
# (optional) Auth user project's name
# Defaults to 'services'
#
# [*user_domain_id*]
# (optional) Auth user's domain ID
# Defaults to 'Default'
#
# [*region_name*]
# (optional) The authentication region
# Defaults to $::os_service_default
#
# [*database_connection*]
# (optional) Connection url for the neutron database.
# (Defaults to undef)
#
# [*memcached_servers*]
# (optinal) a list of memcached server(s) to use for caching. If left
# undefined, tokens will instead be cached in-process.
# Defaults to $::os_service_default.
#
# [*sql_connection*]
# DEPRECATED: Use database_connection instead.
#
# [*connection*]
# DEPRECATED: Use database_connection instead.
#
# [*database_max_retries*]
# (optional) Maximum database connection retries during startup.
# (Defaults to undef)
#
# [*sql_max_retries*]
# DEPRECATED: Use database_max_retries instead.
#
# [*max_retries*]
# DEPRECATED: Use database_max_retries instead.
#
# [*database_idle_timeout*]
# (optional) Timeout before idle database connections are reaped.
# Deprecates sql_idle_timeout
# (Defaults to undef)
#
# [*sql_idle_timeout*]
# DEPRECATED: Use database_idle_timeout instead.
#
# [*idle_timeout*]
# DEPRECATED: Use database_idle_timeout instead.
#
# [*database_retry_interval*]
# (optional) Interval between retries of opening a database connection.
# (Defaults to 10)
#
# [*sql_reconnect_interval*]
# DEPRECATED: Use database_retry_interval instead.
#
# [*retry_interval*]
# DEPRECATED: Use database_retry_interval instead.
#
# [*database_min_pool_size*]
# (optional) Minimum number of SQL connections to keep open in a pool.
# Defaults to: undef.
#
# [*database_max_pool_size*]
# (optional) Maximum number of SQL connections to keep open in a pool.
# Defaults to: undef.
#
# [*database_max_overflow*]
# (optional) If set, use this value for max_overflow with sqlalchemy.
# Defaults to: undef.
#
# [*sync_db*]
# (optional) Run neutron-db-manage on api nodes after installing the package.
# Defaults to false
#
# [*api_workers*]
# (optional) Number of separate worker processes to spawn.
# The default, count of machine's processors, runs the worker thread in the
# current process.
# Greater than 0 launches that number of child processes as workers.
# The parent process manages them.
# Defaults to: $::processorcount
#
# [*rpc_workers*]
# (optional) Number of separate RPC worker processes to spawn.
# The default, count of machine's processors, runs the worker thread in the
# current process.
# Greater than 0 launches that number of child processes as workers.
# The parent process manages them.
# Defaults to: $::processorcount
#
# [*agent_down_time*]
# (optional) Seconds to regard the agent as down; should be at least twice
# report_interval, to be sure the agent is down for good.
# agent_down_time is a config for neutron-server, set by class neutron::server
# report_interval is a config for neutron agents, set by class neutron
# Defaults to: $::os_service_default
#
# [*state_path*]
# (optional) Deprecated. Use state_path parameter on base neutron class instead.
#
# [*lock_path*]
# (optional) Deprecated. Use lock_path parameter on base neutron class instead.
#
# [*network_scheduler_driver*]
# (optional) The scheduler used when scheduling networks
# neutron.scheduler.dhcp_agent_scheduler.AZAwareWeightScheduler to use availability zone hints scheduling.
# Defaults to $::os_service_default
#
# Example:
#
# class { 'neutron':
# network_scheduler_driver => 'neutron.scheduler.dhcp_agent_scheduler.AZAwareWeightScheduler'
# }
#
# [*router_scheduler_driver*]
# (optional) Driver to use for scheduling router to a default L3 agent. Could be:
# neutron.scheduler.l3_agent_scheduler.ChanceScheduler to schedule a router in a random way
# neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler to allocate on an L3 agent with the least number of routers bound.
# neutron.scheduler.l3_agent_scheduler.AZLeastRoutersScheduler to use availability zone hints.
# Defaults to: neutron.scheduler.l3_agent_scheduler.ChanceScheduler
#
# [*router_distributed*]
# (optional) Setting the "router_distributed" flag to "True" will default to the creation
# of distributed tenant routers.
# Also can be the type of the router on the create request (admin-only attribute).
# Defaults to $::os_service_default
#
# [*dhcp_load_type*]
# (optional) The resource type whos load is being reported by the agent.
# The expected values are either 'networks', 'subnets', 'ports'.
# Defaults to $::os_service_default
#
# Example:
#
# class { 'neutron':
# dhcp_load_type => 'networks'
# }
#
# [*default_availability_zones*]
# (optional) A list of availability zones that are picked when availability zone is not specified
# The expected input is an array when specified.
# Defaults to $::os_service_default
#
# Example:
#
# class { 'neutron':
# default_availability_zones => ['zone1', 'zone2']
# }
#
# [*allow_automatic_l3agent_failover*]
# (optional) Allow automatic rescheduling of routers from dead L3 agents with
# admin_state_up set to True to alive agents.
# Defaults to $::os_service_default
#
# [*allow_automatic_dhcp_failover*]
# (optional) Allow automatic rescheduling of dhcp from dead dhcp agents with
# admin_state_up set to True to alive agents.
# Defaults to $::os_service_default
#
# [*l3_ha*]
# (optional) Enable high availability for virtual routers.
# Defaults to false
#
# [*max_l3_agents_per_router*]
# (optional) Maximum number of l3 agents which a HA router will be scheduled on. If set to '0', a router will be scheduled on every agent.
# Defaults to '3'
#
# [*min_l3_agents_per_router*]
# (optional) Minimum number of l3 agents which a HA router will be scheduled on.
# Defaults to '2'
#
# [*l3_ha_net_cidr*]
# (optional) CIDR of the administrative network if HA mode is enabled.
# Defaults to $::os_service_default
#
# [*report_interval*]
# (optional) Deprecated, does nothing.
# Defaults to 'undef'.
#
# [*qos_notification_drivers*]
# (optional) Drivers list to use to send the update notification
# Defaults to $::os_service_default.
#
# [*network_auto_schedule*]
# (optional) Allow auto scheduling networks to DHCP agent
# Defaults to $::os_service_default.
#
# [*ensure_vpnaas_package*]
# (optional) Ensures installation of VPNaaS package before starting API service.
# Set to true to ensure installation of the package that is required to start neutron service if service_plugin is enabled.
# Defaults to false.
#
# [*ensure_fwaas_package*]
# (optional) Ensures installation of FWaaS package before starting API service.
# Set to true to ensure installation of the package that is required to start neutron service if service_plugin is enabled.
# Defaults to false.
#
# [*vpnaas_agent_package*]
# (optional) Use VPNaaS agent package instead of L3 agent package on debian platforms
# RedHat platforms won't take care of this parameter
# true/false
# Defaults to false
#
# [*service_providers*]
# (optional) (Array) Configures the service providers for neutron server.
# This needs to be set for lbaas, vpnaas, and fwaas.
# Defaults to $::os_service_default
#
# Example:
#
# class { 'neutron::server':
# service_providers => [
# 'LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default',
# 'LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver',
# 'VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default'
# ]
# }
#
# === Deprecated Parameters
#
# [*identity_uri*]
# Deprecated. Auth plugins based authentication should be used instead
# (optional) Complete admin Identity API endpoint.
# Defaults to: 'http://localhost:35357/'
#
# [*auth_region*]
# Deprecated. Auth plugins based authentication should be used instead
# (optional) The authentication region. Note this value is case-sensitive and
# must match the endpoint region defined in Keystone.
# Defaults to $::os_service_default
#
# [*auth_tenant*]
# Deprecated. Auth plugins based authentication should be used instead
# (optional) The tenant of the auth user
# Defaults to services
#
# [*auth_user*]
# Deprecated. Auth plugins based authentication should be used instead
# (optional) The name of the auth user
# Defaults to neutron
#
# [*auth_password*]
# Deprecated. Auth plugins based authentication should be used instead
# (optional) The password to use for authentication (keystone)
# Defaults to false. Set a value unless you are using noauth
#
# [*auth_plugin*]
# Deprecated. keystone_auth_type should be used instead
# An authentication plugin to use with an OpenStack Identity server.
# Defaults to $::os_service_plugin
#
# [*tenant_name*]
# Deprecated. project_name should be used instead
# The tenant of the auth user
# Defaults to $::os_service_plugin
#
# [*ensure_lbaas_package*]
# Deprecated. Ensures installation of LBaaS package.
# LBaaS agent should be installed from neutron::agents::lbaas.
# Defaults to false.
#
class neutron::server (
$package_ensure = 'present',
$enabled = true,
$manage_service = true,
$service_name = $::neutron::params::server_service,
$auth_type = 'keystone',
$keystone_auth_type = 'password',
$auth_uri = 'http://localhost:5000/',
$auth_url = 'http://localhost:35357/',
$username = 'neutron',
$password = false,
$region_name = $::os_service_default,
$project_domain_id = 'Default',
$project_name = 'services',
$user_domain_id = 'Default',
$database_connection = undef,
$database_max_retries = undef,
$database_idle_timeout = undef,
$database_retry_interval = undef,
$database_min_pool_size = undef,
$database_max_pool_size = undef,
$database_max_overflow = undef,
$sync_db = false,
$api_workers = $::processorcount,
$rpc_workers = $::processorcount,
$agent_down_time = $::os_service_default,
$router_scheduler_driver = 'neutron.scheduler.l3_agent_scheduler.ChanceScheduler',
$router_distributed = $::os_service_default,
$network_scheduler_driver = $::os_service_default,
$dhcp_load_type = $::os_service_default,
$default_availability_zones = $::os_service_default,
$allow_automatic_l3agent_failover = $::os_service_default,
$allow_automatic_dhcp_failover = $::os_service_default,
$l3_ha = false,
$max_l3_agents_per_router = 3,
$min_l3_agents_per_router = 2,
$l3_ha_net_cidr = $::os_service_default,
$qos_notification_drivers = $::os_service_default,
$network_auto_schedule = $::os_service_default,
$ensure_vpnaas_package = false,
$ensure_fwaas_package = false,
$vpnaas_agent_package = false,
$service_providers = $::os_service_default,
$memcached_servers = $::os_service_default,
# DEPRECATED PARAMETERS
$log_dir = undef,
$log_file = undef,
$report_interval = undef,
$state_path = undef,
$lock_path = undef,
$auth_password = false,
$auth_region = $::os_service_default,
$auth_tenant = 'services',
$auth_user = 'neutron',
$identity_uri = 'http://localhost:35357/',
$auth_plugin = $::os_service_default,
$tenant_name = $::os_service_default,
$ensure_lbaas_package = false,
) inherits ::neutron::params {
include ::neutron::deps
include ::neutron::db
include ::neutron::policy
# Work-around LP#1551974. neutron requires the keystoneclient to auth tokens
include ::keystone::client
if !is_service_default($default_availability_zones) {
validate_array($default_availability_zones)
}
if !is_service_default($dhcp_load_type) {
validate_re($dhcp_load_type, ['^networks$', '^subnets$', '^ports$'], 'Must pass either networks, subnets, or ports as values for dhcp_load_type')
}
if !is_service_default($service_providers) {
validate_array($service_providers)
}
if $ensure_fwaas_package {
if ($::osfamily == 'Debian') {
# Debian platforms
if $vpnaas_agent_package {
ensure_resource( 'package', $::neutron::params::vpnaas_agent_package, {
'ensure' => $neutron::package_ensure,
'tag' => ['openstack', 'neutron-package'],
})
Package[$::neutron::params::vpnaas_agent_package] -> Neutron_fwaas_service_config<||>
} else {
ensure_resource( 'package', 'neutron-fwaas' , {
'name' => $::neutron::params::fwaas_package,
'ensure' => $neutron::package_ensure,
'tag' => ['openstack', 'neutron-package'],
})
}
} elsif($::osfamily == 'Redhat') {
# RH platforms
ensure_resource( 'package', 'neutron-fwaas', {
'name' => $::neutron::params::fwaas_package,
'ensure' => $neutron::package_ensure,
'tag' => ['openstack', 'neutron-package'],
})
}
}
if $ensure_vpnaas_package {
ensure_resource( 'package', 'neutron-vpnaas-agent', {
'ensure' => $package_ensure,
'name' => $::neutron::params::vpnaas_agent_package,
'tag' => ['openstack', 'neutron-package'],
})
}
if $ensure_lbaas_package {
warning('$ensure_lbaas_package is deprecated. To install lbaas agent the neutron::agents::lbaas class should be used.')
ensure_resource( 'package', 'neutron-lbaas-agent', {
'ensure' => $package_ensure,
'name' => $::neutron::params::lbaas_agent_package,
'tag' => ['openstack', 'neutron-package'],
})
}
if $min_l3_agents_per_router <= $max_l3_agents_per_router or $max_l3_agents_per_router == 0 {
neutron_config {
'DEFAULT/l3_ha': value => $l3_ha;
'DEFAULT/max_l3_agents_per_router': value => $max_l3_agents_per_router;
'DEFAULT/min_l3_agents_per_router': value => $min_l3_agents_per_router;
'DEFAULT/l3_ha_net_cidr': value => $l3_ha_net_cidr;
}
} else {
fail('min_l3_agents_per_router should be less than or equal to max_l3_agents_per_router.')
}
if $sync_db {
include ::neutron::db::sync
}
neutron_config {
'DEFAULT/api_workers': value => $api_workers;
'DEFAULT/rpc_workers': value => $rpc_workers;
'DEFAULT/agent_down_time': value => $agent_down_time;
'DEFAULT/router_scheduler_driver': value => $router_scheduler_driver;
'DEFAULT/router_distributed': value => $router_distributed;
'DEFAULT/allow_automatic_l3agent_failover': value => $allow_automatic_l3agent_failover;
'DEFAULT/allow_automatic_dhcp_failover': value => $allow_automatic_dhcp_failover;
'DEFAULT/network_scheduler_driver': value => $network_scheduler_driver;
'DEFAULT/dhcp_load_type': value => $dhcp_load_type;
'DEFAULT/default_availability_zones': value => join(any2array($default_availability_zones), ',');
'DEFAULT/network_auto_schedule': value => $network_auto_schedule;
'service_providers/service_provider': value => $service_providers;
}
if $state_path {
# If we got state_path here, display deprecation warning and override the value from
# the base class. This preserves the behavior of before state_path was deprecated.
warning('The state_path parameter is deprecated. Use the state_path parameter on the base neutron class instead.')
Neutron_config <| title == 'DEFAULT/state_path' |> {
value => $state_path,
}
}
if $lock_path {
# If we got lock_path here, display deprecation warning and override the value from
# the base class. This preserves the behavior of before lock_path was deprecated.
warning('The lock_path parameter is deprecated. Use the lock_path parameter on the base neutron class instead.')
Neutron_config <| title == 'oslo_concurrency/lock_path' |> {
value => $lock_path,
}
}
neutron_config { 'qos/notification_drivers': value => join(any2array($qos_notification_drivers), ',') }
if ($::neutron::params::server_package) {
package { 'neutron-server':
ensure => $package_ensure,
name => $::neutron::params::server_package,
tag => ['openstack', 'neutron-package'],
}
}
neutron_config {
'DEFAULT/auth_type': value => $auth_type;
}
if ($auth_type == 'keystone') {
if ($auth_password == false) and ($password == false) {
fail('Either auth_password or password must be set when using keystone authentication.')
} elsif ($auth_password != false) and ($password != false) {
fail('auth_password and password must not be used together.')
} else {
neutron_config {
'keystone_authtoken/auth_uri': value => $auth_uri;
}
neutron_api_config {
'filter:authtoken/auth_uri': value => $auth_uri;
}
}
neutron_config {
'keystone_authtoken/memcached_servers': value => join(any2array($memcached_servers), ',');
}
if $auth_password {
warning('identity_uri, auth_tenant, auth_user, auth_password, auth_region configuration options are deprecated in favor of auth_plugin and related options')
neutron_config {
'keystone_authtoken/admin_tenant_name': value => $auth_tenant;
'keystone_authtoken/admin_user': value => $auth_user;
'keystone_authtoken/admin_password': value => $auth_password, secret => true;
'keystone_authtoken/auth_region': value => $auth_region;
'keystone_authtoken/identity_uri': value => $identity_uri;
}
neutron_api_config {
'filter:authtoken/admin_tenant_name': value => $auth_tenant;
'filter:authtoken/admin_user': value => $auth_user;
'filter:authtoken/admin_password': value => $auth_password, secret => true;
'filter:authtoken/identity_uri': value => $identity_uri;
}
} else {
if !is_service_default($tenant_name) {
warning('tenant_name configuration option is deprecated in favor of project_name')
$project_name_real = $tenant_name
} else {
$project_name_real = $project_name
}
neutron_config {
'keystone_authtoken/auth_url': value => $auth_url;
'keystone_authtoken/username': value => $username;
'keystone_authtoken/password': value => $password, secret => true;
'keystone_authtoken/region_name': value => $region_name;
'keystone_authtoken/project_domain_id': value => $project_domain_id;
'keystone_authtoken/project_name': value => $project_name_real;
'keystone_authtoken/user_domain_id': value => $user_domain_id;
'keystone_authtoken/admin_tenant_name': ensure => absent;
'keystone_authtoken/admin_user': ensure => absent;
'keystone_authtoken/admin_password': ensure => absent;
'keystone_authtoken/auth_region': ensure => absent;
'keystone_authtoken/identity_uri': ensure => absent;
}
neutron_api_config {
'filter:authtoken/admin_tenant_name': ensure => absent;
'filter:authtoken/admin_user': ensure => absent;
'filter:authtoken/admin_password': ensure => absent;
'filter:authtoken/identity_uri': ensure => absent;
}
if ! is_service_default ($auth_plugin) and ($auth_plugin) {
warning('auth_plugin parameter is deprecated, keystone_auth_type should be used instead')
neutron_config {
'keystone_authtoken/auth_plugin': value => $auth_plugin;
}
} else {
neutron_config {
'keystone_authtoken/auth_type': value => $keystone_auth_type;
}
}
}
}
if $manage_service {
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
}
service { 'neutron-server':
ensure => $service_ensure,
name => $service_name,
enable => $enabled,
hasstatus => true,
hasrestart => true,
tag => ['neutron-service', 'neutron-db-sync-service'],
}
}
View Git Blame Copy Permalink